CUNA Regulatory Comment Call

October 19, 2007

EXECUTIVE SUMMARY

The Department of the Treasury and the Federal Reserve Board (the Agencies) issued a joint
proposed rule to implement the Unlawful Internet Gambling Enforcement Act (Act).

The proposal designates the following five payment systems that could be used in connection
with a restricted transaction: automated clearing house systems (ACH); card systems, check
collection systems, money transmitting businesses; and wire transfer systems.

Most participants from the ACH, check collection and wire transfer systems will be exempt.
Participants in these systems that are not exempt are those with a customer relationship with the
Internet gambling business and those that send or receive certain cross-border transactions,
including credit unions if they engage in these activities.

This means that participants in card systems and within money transfer businesses would be
covered by the rule, including credit unions participating in these systems.

All non-exempt participants would be required to either establish or implement policies and
procedures to identify and block, prevent or prohibit restricted transactions or rely on and
comply with the policies and procedures established by the payment system.

The proposal provides nonexclusive examples of policies and procedures for each designated
payment system.

A safe harbor is provided to anyone that identifies and blocks a transaction if it is
restricted, the participant believes it is restricted or the transaction is blocked in reliance on
the policies and procedures.

This is a very confusing proposal and we dont pretend to have all the answers because the
regulators certainly dont.

Comments are due to the Treasury and the Federal Reserve by December 12, 2007. Please
submit your comments to CUNA by November 25, 2007. Please feel free to fax your responses
to CUNA at 202-638-7052 or e-mail them to CUNA SVP and Deputy General Counsel Mary Dunn at
mdunn@cuna.com or Assistant General Counsel Lilly Thomas at
LThomas@cuna.com or by telephone at 202-638-5777.

BACKGROUND

The Unlawful Internet Gambling Enforcement Act of 2006 (Act) was enacted as Title VIII of the
Security and Accountability For Every Port Act of 2006 and signed into law on October 13, 2006. This
Act prohibits persons engaged in the business of betting or wagering from knowingly accepting payments
from another engaged in unlawful Internet gambling. Among other provisions, the Act directs the
Federal Reserve Board and Treasury Department to implement its provisions, in consultation with the
Department of Justice. They were directed to designate the payments systems that could be used to make
a restricted transaction under the Act (an illegal Internet gambling transaction). Designating a
payment system subjects it and the financial transaction providers, such as financial institutions, to
regulation. Federal financial institution regulators, including NCUA, are to enforce the rule, when
finalized, for the institutions they supervise. (NCUA will enforce the rule for all federally insured
credit unions; privately insured stated chartered credit unions will be under the Federal Trade
Commissions enforcement.)

The Act directs that the regulation must require payment systems covered by the rule and financial
transaction providers (including financial institutions) participating in each covered payment system
to establish policies and procedures that are reasonably designed to identify and block restricted
transactions. The rules must identify the types of policies and procedures that would be deemed to be
reasonably designed to meet the Acts objectives. The agencies are required to exempt any
transactions or participants in payment systems from the requirements of the rule if the regulators
determine it is not reasonably practical to identify and block such transactions.

The Act provides that a participant, such as a financial institution, in a payment system that is
covered by the rule will be deemed to be in compliance if it relies on the policies and procedures of
the payment system and such policies and procedures comply with the rule.

HIGHLIGHTS

The Department of the Treasury and the Federal Reserve Board (the Agencies) issued a
joint proposed rule to implement the Unlawful Internet Gambling Enforcement Act (Act).
The proposed rule would require participants in designated payment systems to establish
policies and procedures reasonably designed to identify and block or prevent transactions
in connection with unlawful Internet gambling.

The proposal designates five payment systems that could be used in connection with a
restricted transaction:

Participants in these payment systems include financial institutions that participate in,
are members of, or have contracted for services with a designated payment system.

Exemptions

The proposal exempts most participants in the ACH systems, check collection systems, and
wire transfer systems. Participants in these systems that are not exempt are those that
would have a customer relationship with the Internet gambling business and those that
send or receive certain cross-border transactions. Specifically, the first participant in
the United States that receives an incoming cross-border ACH debit or check collection
transaction directly from a foreign institution is not exempt. In the case of outgoing wire
transfers and ACH credit transactions, the originators financial institution or the
intermediary financial institution in the U.S. that sends the wire transfer transaction, or
the gateway operator that sends the ACH credit entry directly to a foreign bank is also not
exempt.

Specifically, the following participants in each payment system below would be exempt
from requirements to establish written policies and procedures to prevent or prohibit
restricted transactions:

ACH systems

The ACH Operator, except one that receives instructions to originate an
ACH debit transaction or send a credit transaction directly from a foreign
sender;

The originating depository financial institution (ODFI) in an ACH credit
transaction; and

The originators financial institution or intermediary financial institution
except one that sends or credits a wire transfer transaction directly to a foreign
bank.

Requirements for Non-Exempt Participants

In addition to participants that have a business relationship with an Internet gambling
business or receive or send certain cross-border transactions, participants in the credit
card services and money transmitting businesses are not exempt.

All non-exempt participants would be required to either:

Establish and implement policies and procedures to identify and block, or
otherwise prevent or prohibit restricted transactions; or

Rely on and comply with the policies and procedures established by the payment
system as long as its policies and procedures comply with the regulation.

The proposed regulations provide examples of policies and procedures for each designated
payment system. The examples are nonexclusive and participants are directed to use the
policies and procedures in a risk-based manner tailoring them to their type of business and
to the different types of restricted transactions.

Generally, policies and procedures for each system should be designed to prevent or prohibit
restricted transactions and include measures to be taken when restricted transactions are
discovered. Additionally, policies and procedures should address methods for conducting due
diligence in establishing and maintaining a commercial account relationship and should be
designed to ensure that the commercial customer does not originate or receive restricted
transactions.

Card Systems Examples

Policies and procedures for participants in card systems, including merchant acquirers, card
system operators, and card issuers, such as credit unions should:

Address methods for conducting due diligence in establishing or maintaining
a merchant/customer relationship. They should be designed to ensure that the
merchant/customer will not receive restricted transactions through the card system
by screening potential merchant customers to ascertain the nature of their business
and include in the merchant customer agreement that the merchant may not receive
restricted transactions through the card system.

Include procedures to identify and block or prevent or prohibit restricted
transactions by:

Establishing transaction and merchant/business category codes required to
accompany the authorization request and enabling the issuer or operator to
identify and deny authorization for a restricted transaction.

Monitoring or testing 1.) potential restricted transactions to ensure
authorization requests are coded correctly; 2.) websites to detect unauthorized
use of the card system including its trademark; or 3.) payment patterns to
detect suspicious payment volumes from a merchant customer.

Include procedures to be followed, such as assessing fines or denying access to the card system, when it is discovered that a merchant received restricted transactions through the card system.

Automated Clearing House System (ACH) Examples

Policies and procedures of the ODFIs and third-party senders in ACH debit transactions
and RDFIs in ACH credit transactions should:

Address methods for conducting due diligence in establishing or maintaining a
customer relationship. They should be designed to ensure that the customer will not
originate restricted debit transactions or receive restricted credit transactions by
screening potential commercial customers to ascertain the nature of their business
and include in the commercial customer agreement that the customer may not receive
restricted transactions.

Include procedures to be followed, such as assessing fines, preventing the
transaction or closing the account, when it is discovered that a customer originated
or received restricted transactions.

The proposal also includes examples of policies and procedures for ACH gateway operators
and third-party senders receiving instructions from foreign senders, which would not apply
to credit unions.

Check Collection System Examples

Policies and procedures of a depositary institution should:

Address methods for conducting due diligence in establishing or maintaining a customer
relationship to ensure that the customer would not receive restricted transactions such as
screening potential commercial customers to ascertain the nature of the business and include in
the commercial customer agreement that the customer may not deposit checks that constitute
restricted transactions.

Procedures should include actions to be taken, such as refusing checks for deposit and closing
the account, when the depository institution becomes aware that the customer deposited checks that
are restricted transactions.

Depository institutions that receive a check for collection directly from a foreign bank
should have policies and procedures in place that address methods for conducting due diligence in
establishing or maintaining the correspondent relationship with the foreign bank.

They should include a term in its agreement requiring the foreign bank to have policies and
procedures in place to ensure that the correspondent relationship will not be used to process
restricted transactions.

Additionally, procedures should include actions to be taken, such as denying check collection
services for the foreign bank or closing the correspondent account, when it is discovered that a
foreign bank sent checks that are restricted transactions.

Wire Transfer System Examples

The policies and procedures of a beneficiarys financial institution in a wire transfer
should:

Address methods for conducting due diligence in establishing or maintaining a
commercial customer relationship to ensure that the customer would not receive restricted
transactions such as screening potential commercial customers to ascertain the nature of
the business and include in the commercial customer agreement that the customer may not
receive restricted transactions.

Both the beneficiarys financial institution as well as an originators financial
institution or intermediary bank that sends or credits a wire transfer directly to a
foreign bank should have procedures that include actions to be taken, such as denying
access to the wire transfer system and closing the account, when restricted transactions
are discovered.

Money Transmitting Business Examples

The example of policies and procedures of money transmitting businesses include addressing
methods for conducting due diligence in establishing or maintaining a commercial relationships.
The policies and procedures should be designed to ensure that the commercial subscriber will not
receive restricted transactions through the money transmitting business by screening potential
commercial subscribers to ascertain the nature of their business and include in their agreement
that the subscriber may not receive restricted transactions.

The money transmitting business should Include procedures to identify and block or prevent
or prohibit restricted transactions by monitoring or testing:

Websites to detect unauthorized use of the money transmitting business including its
trademark; or

Payment patterns to detect suspicious payment volumes.

Procedures should include what actions should be followed, such as assessing fines, denying
access or closing accounts, when it is discovered that restricted transactions have been
received.

Safe Harbor

The proposal provides a safe harbor to anyone that identifies and blocks or a transaction or refuses to honor a transaction if:

The transaction is restricted or the participant reasonably believes the transaction
is restricted; or

The non-exempt participant blocked the transaction in reliance on the policies and
procedures of the designated payment system in an effort to comply with the regulation.

Definitions

The following are key definitions listed in the proposal:

Unlawful Internet gambling transaction  to place, receive or otherwise knowingly
transmit a bet or wager by any means that involves the use, at least in part, of the
Internet where such a bet or wager is unlawful under any applicable Federal or State
law where the bet or wager is initiated, received or otherwise made.

Restricted (payment) transaction  one which a person engaged in the business of
betting or wagering is prohibited from accepting in connection with another persons
participation in unlawful Internet gambling. Such transactions include credit or the
proceeds of credit, electronic fund transfers, funds transmitted by or through a money
transmitting business or the proceeds of such transfers, and any check, draft or similar
instrument that is drawn by or on behalf of the other person and is drawn on or payable
at or through any financial institution.

Participant in a designated payment system  an operator of a designated payment
system or a financial institution that is a member of or has contracted for financial
transaction services with, or is participating in a designated payment system.

Automated clearing house system or ACH system  a funds transfer system, primarily
governed by the ACH rules. The terms used in this proposal when referring to ACH systems
are those terms that are defined in the ACH Rules.

Card Issuer  any person who issues a credit, debit, or pre-paid card as well as any
stored value products, issued or authorized by the operator of the system.

Money transmitting business or service  is any business other than a depository
institution which provides check cashing, currency exchange, or money transmitting or remittance services, or issues or redeems money orders, travelers checks, and other similar instruments.

QUESTIONS REGARDING THE PROPOSAL

Is this rule well-constructed or do you find it confusing? Why?

Please explain.

Do you believe that the list of five designated payment systems is too broad
or too narrow? Do you agree with the current list of designated payment systems,
or should new and emerging systems be included?

Please explain.

Do you agree with the list of exempt participants? Do you believe any
additional exemptions should be included or should existing exemptions be
removed?

Please explain.

The proposed rule currently exempts Originating Depository Financial
Institutions (ODFIs) from establishing and implementing policies and
procedures. Do you believe it is impractical for an ODFI to implement
policies and procedures in an ACH credit transaction? Does the burden
outweigh any benefit in identifying and blocking restricted transactions?

The proposal specifically exempts the originators financial institution
and intermediary financial institution in a domestic wire transfer. Do you
believe it is impractical for these participants to implement policies and
procedures in a wire transaction?

Do you believe it is appropriate for participants to incorporate into
their account opening procedures the proposals due diligence provisions,
including periodic confirmation of the nature and type of a commercial
customers business?

Do you support the inclusion of examples of policies and procedures?
Are the examples too broad or too specific?

Do you believe ongoing monitoring and testing should be incorporated in
the examples for the ACH, wire and check cashing systems?

Do you believe it is practical and cost-effective for card systems to develop
additional merchant codes to include lawful Internet gambling?

Do you believe that the agencies should establish and maintain a list of
unlawful Internet gambling businesses for participants to access and use when
blocking restricted transactions?

Do you agree with the proposed definitions of the terms, specifically of the
designated payment systems and participants? If not, please explain.

Do you believe six month after the joint final rules are published is sufficient time
for financial institutions and other participants to comply?